Challenges of Information Security Management in a Research and Development Software Services Company

2010 ◽  
Vol 12 (2) ◽  
pp. 16-30 ◽  
Author(s):  
Varadharajan Sridhar
Keyword(s):  
Information Security ◽  
Research And Development ◽  
User Needs ◽  
Information Security Management ◽  
Implementation Team ◽  
Software Company ◽  
Industry Standard ◽  
Physical Isolation ◽  
Security Infrastructure ◽  
Software Services

WirelessComSoft, a software company based in India, provided research and development outsourcing support in an Intellectual Property strong wireless communication products and services space. Over a period, WirelessComSoft developed a robust information security infrastructure and complied with industry standard auditing procedures. However, implementing information security across its different world-wide sites, updating it in tune with evolving user needs, deploying robust business continuity architecture, and maintaining logical and physical isolation of clients’ off-shore development centers were challenges that WirelessComSoft’s security implementation team grappled with every day. The case presents how information security infrastructure at WirelessComSoft evolved, the challenges faced and the methods implemented by the information security team to overcome these challenges.

Information Security Management

2008 ◽  
pp. 350-357 ◽  
Author(s):  
Mariana Hentea
Keyword(s):  
Information Security ◽  
Security Management ◽  
Virtual Private Networks ◽  
Product Lines ◽  
Information Security Management ◽  
Security Technologies ◽  
Detection Systems ◽  
Security Controls ◽  
Security Infrastructure ◽  
Management Capabilities

Information security management is the framework for ensuring the effectiveness of information security controls over information resources to ensure no repudiation, authenticity, confidentiality, integrity and availability of the information. Organizations need a systematic approach for information security management that addresses security consistently at every level. However, the security infrastructure of most organizations came about through necessity rather than planning, a reactive-based approach as opposed to a proactive approach (Gordon, Loeb & Lucyshyn, 2003). Intrusion detection systems, firewalls, anti-virus software, virtual private networks, encryption and biometrics are security technologies in use today. Many devices and systems generate hundreds of events and report various problems or symptoms. Also, these devices may all come at different times and from different vendors, with different reporting and management capabilities and—perhaps worst of all—different update schedules. The security technologies are not integrated, and each technology provides the information in its own format and meaning. In addition, these systems across versions, product lines and vendors may provide little or no consistent characterization of events that represent the same symptom. Also, the systems are not efficient and scalable because they rely on human expertise to analyze periodically the data collected with all these systems. Network administrators regularly have to query different databases for new vulnerabilities and apply patches to their systems to avoid attacks. Quite often, different security staff is responsible and dedicated for the monitoring and analysis of data provided by a single system. Security staff does not periodically analyze the data and does not timely communicate analysis reports to other staff. The tools employed have very little impact on security prevention, because these systems lack the capability to generalize, learn and adapt in time.

Information Security Management

2011 ◽  
pp. 390-395
Author(s):  
Mariana Hentea
Keyword(s):  
Information Security ◽  
Security Management ◽  
Virtual Private Networks ◽  
Product Lines ◽  
Information Security Management ◽  
Security Technologies ◽  
Detection Systems ◽  
Security Controls ◽  
Security Infrastructure ◽  
Management Capabilities

Information security management is the framework for ensuring the effectiveness of information security controls over information resources to ensure no repudiation, authenticity, confidentiality, integrity and availability of the information. Organizations need a systematic approach for information security management that addresses security consistently at every level. However, the security infrastructure of most organizations came about through necessity rather than planning, a reactive-based approach as opposed to a proactive approach (Gordon, Loeb & Lucyshyn, 2003). Intrusion detection systems, firewalls, anti-virus software, virtual private networks, encryption and biometrics are security technologies in use today. Many devices and systems generate hundreds of events and report various problems or symptoms. Also, these devices may all come at different times and from different vendors, with different reporting and management capabilities and—perhaps worst of all—different update schedules. The security technologies are not integrated, and each technology provides the information in its own format and meaning. In addition, these systems across versions, product lines and vendors may provide little or no consistent characterization of events that represent the same symptom. Also, the systems are not efficient and scalable because they rely on human expertise to analyze periodically the data collected with all these systems. Network administrators regularly have to query different databases for new vulnerabilities and apply patches to their systems to avoid attacks. Quite often, different security staff is responsible and dedicated for the monitoring and analysis of data provided by a single system. Security staff does not periodically analyze the data and does not timely communicate analysis reports to other staff. The tools employed have very little impact on security prevention, because these systems lack the capability to generalize, learn and adapt in time.

ALGORITHM FOR DETERMINING THE DEGREE VALUES OF CONFIDENTIAL DOCUMENTS OF THE ORGANIZATION

2017 ◽  
pp. 80-88
Author(s):  
Sergey Valerevich Belov ◽  
Irina Mikhalovna Kosmacheva ◽  
Irina Vyacheslavovna Sibikina
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Value Of Information ◽  
Weighting Factor ◽  
State Regulation ◽  
The State ◽  
Information Security Management ◽  
Pair Comparison ◽  
The Russian Federation ◽  
Properties Of Information

To solve the problem of information security management the method was proposed that allows determining the degree of importance of confidential documents of the organization. The urgency of the proposed algorithm was substantiated taking into account the requirements of the legislation of the Russian Federation in the sphere of information security. The stages prior to the formation of the list of confidential documents of the organization were described. A review of the main documents of the legal and regulatory framework was carried out including documents relating to the state regulation of relations in the sphere of information security. The classes of protected information for the accessing categories were considered. The criteria changes of the value of information in the process of time were represented. The algorithm of formation of the list of confidential documents of the organization based on the properties of information was offered. The algorithm is based on an expert method of pair comparison of alternatives. The result of the use of this method is a number of confidential documents, ranked in descending order of importance. For each document the weighting factor of importance can be calculated. The verification stage of the degree of expert consistency was included in the methodology to eliminate the use of erroneous expert data. The application of the methodology is illustrated by a calculated example.

VISUALIZATION OF INFORMATION SECURITY MANAGEMENT PROCESSES

2017 ◽  
Vol 9 (5) ◽  
pp. 117-136
Author(s):  
N.G. Miloslavskaya ◽  
A.I. Tolstoy
Keyword(s):  
Information Security ◽  
Security Management ◽  
Information Security Management ◽  
Management Processes
Sign in / Sign up

Export Citation Format

Share Document